From owner-cvs-usrbin Tue Feb 25 16:30:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA28557 for cvs-usrbin-outgoing; Tue, 25 Feb 1997 16:30:11 -0800 (PST) Received: (from mpp@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA28392; Tue, 25 Feb 1997 16:25:36 -0800 (PST) From: Mike Pritchard Message-Id: <199702260025.QAA28392@freefall.freebsd.org> Subject: Re: cvs commit: src/usr.bin/su su.1 su.c To: burton@bsampley.vip.best.com (Burton Sampley) Date: Tue, 25 Feb 1997 16:25:36 -0800 (PST) Cc: guido@gvr.win.tue.nl, chuckr@glue.umd.edu, danny@panda.hilink.com.au, ache@nagual.ru, guido@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org In-Reply-To: from "Burton Sampley" at Feb 25, 97 03:33:33 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Burton Sampley wrote: > > I have to take a minute to through in my 2 cents here. After working in > the EDP Audit Department for a major bank in the US, the thought of a co. > not knowing who has access to root privs is a little frightening. What's > the co.'s reasoning for this kind of setup? I would hope it's *NOT* a > mission critical, production box. Let's review how things work again: If a user is a member of group wheel, and they know the root password, they can su to root. If only root is a member of group wheel, then no one can su to root, even if they know the root password. If group wheel has no members, then anyone who knows the root password can su to root. -- Mike Pritchard mpp@FreeBSD.org "Go that way. Really fast. If something gets in your way, turn"